<?php

class bpUser {
	private $id;
	private $name;
	private $login;
	private $sex;
	private $email;
	private $phone;
	private $rang;
	
    function validateUserId($id, $isSet = false) {
        if (is_numeric($id) && !empty($id)) {
            if ($isSet) {
                $result = mysql_query(sprintf("SELECT login FROM users WHERE id='%d'", $id));
                if (mysql_num_rows($result)) {
                    return mysql_result($result, 0, "login");
                } else {
                    return false;
                }
            } else {
                return true;
            }
        } else {
            return false;
        }
    }
    
    function validateUserLogin($login, $isSet = false) {
    	setlocale(LC_ALL, 'ru_RU.utf8');
        if (preg_match("/^[абвгдеёжзийклмнопрстуфхцчшщьъэюяАБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЬЪЭЮЯ0-9a-zA-Z _-]{1,50}$/",$login)) {
            if ($isSet) {
                $result = mysql_query(sprintf("SELECT id FROM users WHERE login='%s'", mysql_real_escape_string($login)));
                if (mysql_num_rows($result)) {
                    return mysql_result($result, 0, "id");
                } else {
                    return false;
                }
            } else {
                return true;
            }
        } else {
            return false;
        }
    }
    
    function validateUserPass($pass) {
        setlocale(LC_ALL, 'ru_RU.utf8');
        if (preg_match("/^[a-zA-Z0-9_-]{1,50}$/",$login)) {
            return true;
        } else {
            return false;
        }
    }
    
    function validateUserSex($sex) {
    	if (is_numeric($sex) && $sex>=0 && $sex <=2) {
    		return true;
    	} else {
    		return false;
    	}
    }
    
    function validateUserEmail($email) {
    	if (preg_match("/^[a-zA-Z0-9\._-]{1,97}@[a-zA-Z0-9\._-]{2,98}$/", $email) && strlen($email)<=100) {
    		return true;
    	} else {
    		return false;
    	}
    }
	
	
	function getUserArray($id = 0) {
		if ($id == 0 || bpUser::validateUserId($id)) {
			$where = array();
			if ($id) {
				$where[] = "id='$id'";
			}
			$where = implode(" AND ",$where);
			$result = mysql_query("SELECT * FROM users".(empty($where)?"":" WHERE ".$where));
			$output = array();
			while ($row = mysql_fetch_assoc($result)) {
				$row["name"] = htmlspecialchars($row["name"]);
				$row["email"] = htmlspecialchars($row["email"]);
				$row["avatar_"] = '<img src="'.PATH_TO_IMAGES_AVATAR.$row["avatar"].'" alt="'.$row["name"].'" title="'.$row["name"].'" />';
				$output[] = $row;
			}
			return $output;
		} else {
			return false;
		}
	}
	
	function loadUser($identifire, $isId = true) {
		$where = array();
		if ($isId) {
			if ($this->validateUserId($identifire)) {
				$where[] = "id='$identifire'";
			} else {
				return false;
			}
		} else {
			if ($this->validateUserLogin($identifire)) {
				$where[] = "login='$identifire'";
			} else {
				return false;
			}
		}
		$result = mysql_query("SELECT * FROM users WHERE ".$where);
		$user = mysql_fetch_assoc($result);
		$this->id = $user["id"];
		$this->login = $user["login"];
		$this->name = $user["name"];
		$this->email = $user["email"];
		$this->phone = $user["phone"];
		$this->rang = $user["rang"];
		$this->sex = $user["sex"];
	}
	
	function isUser($login, $pass) {
	    if (bpUser::validateUserLogin($login)) {
	        $query = sprintf("SELECT id FROM users WHERE login='%s' AND pass='%s'", mysql_real_escape_string($login), $pass);
	        $result = mysql_query($query);
	        if (mysql_num_rows($result)) {
	            return mysql_result($result, 0, "id");
	        } else {
	            return false;
	        }
	    } else {
	        return false;
	    }
	}
	
	function registerUser($login, $pass, $name, $sex, $email, $phone, $avatar) {
		if (!bpUser::validateUserLogin($login, true) && bpUser::validateUserPass($pass) && bpUser::validateUserEmail($email) && bpUser::validateUserSex($sex)) {
			echo "1sddf";
			$query = "INSERT INTO users (created, modified, login, pass, name, sex, email, phone, avatar, ban, rang) 
			                     VALUES(NOW(), NOW(), '%s', '%s', '%s', '%d', '%s', '%s', '%s', '%d', '%f' )";
			if (mysql_query(sprintf($query, mysql_real_escape_string($login), mysql_real_escape_string(md5($pass), mysql_real_escape_string($name), $sex, mysql_real_escape_string($email), mysql_real_escape_string($phone), mysql_real_escape_string($avatar), 0, 0.0)))) {
				return mysql_insert_id();
			} else {
				return false;
			}
		} else {
			return false;
		}
	}
	
}

?>